GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-02-14 17:22:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST750LM022_HN-M750MBB rev.2BA30001 698,64GB Running: 20fm9rsg.exe; Driver: C:\Users\Asus\AppData\Local\Temp\fwlcqaoc.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000115900 7 bytes [40, 4C, F3, FF, 01, 56, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000115908 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce932f0 7 bytes JMP 000007fefce800d8 .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce9aa60 5 bytes JMP 000007fefce80180 .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9ac00 5 bytes JMP 000007fefce80110 .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9ac0 5 bytes JMP 000007fefce80148 .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfe8840 8 bytes JMP 000007fefce801f0 .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfeb9f0 8 bytes JMP 000007fefce801b8 .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef992dc88 5 bytes JMP 000007fef97200d8 .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef992de10 5 bytes JMP 000007fef9720110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000764a1eee 7 bytes JMP 0000000072cc5230 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000764a5b85 7 bytes JMP 0000000072cc5870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764b1409 7 bytes JMP 0000000072cc5480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000764bea5d 7 bytes JMP 0000000072cc5220 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765490c4 7 bytes JMP 0000000072cc4850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076549149 5 bytes JMP 0000000072cc4a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007654949f 5 bytes JMP 0000000072cc4860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 0000000072cc4770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 0000000072cc4680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072cc4a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 0000000072cc4370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000072cc3840 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b15645 5 bytes JMP 0000000072cc4300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b2f61f 5 bytes JMP 0000000072cc4360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b50867 5 bytes JMP 0000000072cc35c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b67af4 5 bytes JMP 0000000072cc42d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075f9e757 5 bytes JMP 0000000072cc3980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075f9e991 5 bytes JMP 0000000072cc3990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074d15e75 5 bytes JMP 0000000072cc3800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074d49cbb 5 bytes JMP 0000000072cc36e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073381003 2 bytes [38, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1856] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 0000000073381017 2 bytes [38, 73] .text C:\Windows\system32\taskeng.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce932f0 7 bytes JMP 000007fefce800d8 .text C:\Windows\system32\taskeng.exe[1924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce9aa60 5 bytes JMP 000007fefce80180 .text C:\Windows\system32\taskeng.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9ac00 5 bytes JMP 000007fefce80110 .text C:\Windows\system32\taskeng.exe[1924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9ac0 5 bytes JMP 000007fefce80148 .text C:\Windows\system32\taskeng.exe[1924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfe8840 8 bytes JMP 000007fefce801f0 .text C:\Windows\system32\taskeng.exe[1924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfeb9f0 8 bytes JMP 000007fefce801b8 .text C:\Windows\system32\taskeng.exe[1924] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9f6d10 11 bytes JMP 000007fefce80228 .text C:\Windows\system32\taskeng.exe[1924] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefea0b4f0 7 bytes JMP 000007fefce80260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076bfa3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076c03f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076c1ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c2f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c59c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c69710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076c88ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce932f0 7 bytes JMP 000007fefce800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce9aa60 5 bytes JMP 000007fefce80180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9ac00 5 bytes JMP 000007fefce80110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9ac0 5 bytes JMP 000007fefce80148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfe8840 8 bytes JMP 000007fefce801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfeb9f0 8 bytes JMP 000007fefce801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9f6d10 11 bytes JMP 000007fefce80228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2100] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefea0b4f0 7 bytes JMP 000007fefce80260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076bfa3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076c03f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076c1ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c2f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c59c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c69710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076c88ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce932f0 7 bytes JMP 000007fefce800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce9aa60 5 bytes JMP 000007fefce80180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9ac00 5 bytes JMP 000007fefce80110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcea9ac0 5 bytes JMP 000007fefce80148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcfe8840 8 bytes JMP 000007fefce801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2436] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcfeb9f0 8 bytes JMP 000007fefce801b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000764a1eee 7 bytes JMP 0000000072cc5230 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000764a5b85 7 bytes JMP 0000000072cc5870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764b1409 7 bytes JMP 0000000072cc5480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000764bea5d 7 bytes JMP 0000000072cc5220 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765490c4 7 bytes JMP 0000000072cc4850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076549149 5 bytes JMP 0000000072cc4a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007654949f 5 bytes JMP 0000000072cc4860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 0000000072cc4770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 0000000072cc4680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072cc4a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 0000000072cc4370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000072cc3840 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b15645 5 bytes JMP 0000000072cc4300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b2f61f 5 bytes JMP 0000000072cc4360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b50867 5 bytes JMP 0000000072cc35c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b67af4 5 bytes JMP 0000000072cc42d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075f9e757 5 bytes JMP 0000000072cc3980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075f9e991 5 bytes JMP 0000000072cc3990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073381003 2 bytes [38, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 0000000073381017 2 bytes [38, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074d15e75 5 bytes JMP 0000000072cc3800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2564] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074d49cbb 5 bytes JMP 0000000072cc36e0 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000764a1eee 7 bytes JMP 0000000072cc5230 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000764a5b85 7 bytes JMP 0000000072cc5870 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764b1409 7 bytes JMP 0000000072cc5480 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000764bea5d 7 bytes JMP 0000000072cc5220 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765490c4 7 bytes JMP 0000000072cc4850 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076549149 5 bytes JMP 0000000072cc4a30 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007654949f 5 bytes JMP 0000000072cc4860 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 0000000072cc4770 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 0000000072cc4680 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072cc4a40 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 0000000072cc4370 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000072cc3840 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b15645 5 bytes JMP 0000000072cc4300 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b2f61f 5 bytes JMP 0000000072cc4360 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b50867 5 bytes JMP 0000000072cc35c0 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b67af4 5 bytes JMP 0000000072cc42d0 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075f9e757 5 bytes JMP 0000000072cc3980 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075f9e991 5 bytes JMP 0000000072cc3990 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074d15e75 5 bytes JMP 0000000072cc3800 .text C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe[2072] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074d49cbb 5 bytes JMP 0000000072cc36e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000764a1eee 7 bytes JMP 0000000072cc5230 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000764a5b85 7 bytes JMP 0000000072cc5870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764b1409 7 bytes JMP 0000000072cc5480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000764bea5d 7 bytes JMP 0000000072cc5220 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765490c4 7 bytes JMP 0000000072cc4850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076549149 5 bytes JMP 0000000072cc4a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007654949f 5 bytes JMP 0000000072cc4860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 0000000072cc4770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 0000000072cc4680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072cc4a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 0000000072cc4370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000072cc3840 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b15645 5 bytes JMP 0000000072cc4300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b2f61f 5 bytes JMP 0000000072cc4360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b50867 5 bytes JMP 0000000072cc35c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b67af4 5 bytes JMP 0000000072cc42d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075f9e757 5 bytes JMP 0000000072cc3980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075f9e991 5 bytes JMP 0000000072cc3990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074d15e75 5 bytes JMP 0000000072cc3800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074d49cbb 5 bytes JMP 0000000072cc36e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073381003 2 bytes [38, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2404] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 0000000073381017 2 bytes [38, 73] .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000764a1eee 7 bytes JMP 0000000072cc5230 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000764a5b85 7 bytes JMP 0000000072cc5870 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764b1409 7 bytes JMP 0000000072cc5480 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000764bea5d 7 bytes JMP 0000000072cc5220 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765490c4 7 bytes JMP 0000000072cc4850 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076549149 5 bytes JMP 0000000072cc4a30 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007654949f 5 bytes JMP 0000000072cc4860 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 0000000072cc4770 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 0000000072cc4680 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000073e9b4e3 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 0000000073e9b54d .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000072cc3840 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b15645 5 bytes JMP 0000000072cc4300 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b2f61f 5 bytes JMP 0000000072cc4360 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b50867 5 bytes JMP 0000000072cc35c0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b67af4 5 bytes JMP 0000000072cc42d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075f9e757 5 bytes JMP 0000000072cc3980 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075f9e991 5 bytes JMP 0000000072cc3990 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073381003 2 bytes [38, 73] .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 0000000073381017 2 bytes [38, 73] .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074d15e75 5 bytes JMP 0000000072cc3800 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074d49cbb 5 bytes JMP 0000000072cc36e0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765a1401 2 bytes JMP 764cb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765a1419 2 bytes JMP 764cb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765a1431 2 bytes JMP 76549149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765a144a 2 bytes CALL 764a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765a14dd 2 bytes JMP 76548a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765a14f5 2 bytes JMP 76548c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765a150d 2 bytes JMP 76548938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765a1525 2 bytes JMP 76548d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765a153d 2 bytes JMP 764bfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765a1555 2 bytes JMP 764c6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765a156d 2 bytes JMP 76549201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765a1585 2 bytes JMP 76548d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765a159d 2 bytes JMP 765488fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765a15b5 2 bytes JMP 764bfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765a15cd 2 bytes JMP 764cb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765a16b2 2 bytes JMP 765490c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765a16bd 2 bytes JMP 76548891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000764a1eee 7 bytes JMP 0000000072cc5230 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000764a5b85 7 bytes JMP 0000000072cc5870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764b1409 7 bytes JMP 0000000072cc5480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000764bea5d 7 bytes JMP 0000000072cc5220 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765490c4 7 bytes JMP 0000000072cc4850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076549149 5 bytes JMP 0000000072cc4a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007654949f 5 bytes JMP 0000000072cc4860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 0000000072cc4770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 0000000072cc4680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072cc4a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 0000000072cc4370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000072cc3840 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b15645 5 bytes JMP 0000000072cc4300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b2f61f 5 bytes JMP 0000000072cc4360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b50867 5 bytes JMP 0000000072cc35c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b67af4 5 bytes JMP 0000000072cc42d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075f9e757 5 bytes JMP 0000000072cc3980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075f9e991 5 bytes JMP 0000000072cc3990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073381003 2 bytes [38, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 0000000073381017 2 bytes [38, 73] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074d15e75 5 bytes JMP 0000000072cc3800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3284] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074d49cbb 5 bytes JMP 0000000072cc36e0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000764a1eee 7 bytes JMP 0000000072cc5230 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000764a5b85 7 bytes JMP 0000000072cc5870 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764b1409 7 bytes JMP 0000000072cc5480 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000764bea5d 7 bytes JMP 0000000072cc5220 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765490c4 7 bytes JMP 0000000072cc4850 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076549149 5 bytes JMP 0000000072cc4a30 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007654949f 5 bytes JMP 0000000072cc4860 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 0000000072cc4770 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 0000000072cc4680 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072cc4a40 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 0000000072cc4370 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000072cc3840 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b15645 5 bytes JMP 0000000072cc4300 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b2f61f 5 bytes JMP 0000000072cc4360 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b50867 5 bytes JMP 0000000072cc35c0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b67af4 5 bytes JMP 0000000072cc42d0 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075f9e757 5 bytes JMP 0000000072cc3980 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075f9e991 5 bytes JMP 0000000072cc3990 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074d15e75 5 bytes JMP 0000000072cc3800 .text C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe[3300] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074d49cbb 5 bytes JMP 0000000072cc36e0 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000764a1eee 7 bytes JMP 0000000072cc5230 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000764a5b85 7 bytes JMP 0000000072cc5870 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764b1409 7 bytes JMP 0000000072cc5480 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000764bea5d 7 bytes JMP 0000000072cc5220 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765490c4 7 bytes JMP 0000000072cc4850 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076549149 5 bytes JMP 0000000072cc4a30 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007654949f 5 bytes JMP 0000000072cc4860 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 0000000072cc4770 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 0000000072cc4680 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072cc4a40 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 0000000072cc4370 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075f9e757 5 bytes JMP 0000000072cc3980 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075f9e991 5 bytes JMP 0000000072cc3990 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b15645 5 bytes JMP 0000000072cc4300 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b2f61f 5 bytes JMP 0000000072cc4360 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b50867 5 bytes JMP 0000000072cc35c0 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b67af4 5 bytes JMP 0000000072cc42d0 .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073381003 2 bytes [38, 73] .text C:\Users\Asus\Desktop\20fm9rsg.exe[3008] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 0000000073381017 2 bytes [38, 73] ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75@78471d512c61 0xC6 0x4A 0xB3 0x81 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8046c75@805719f9031f 0xFB 0x31 0x41 0xF7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75@78471d512c61 0xC6 0x4A 0xB3 0x81 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8046c75@805719f9031f 0xFB 0x31 0x41 0xF7 ... ---- EOF - GMER 2.2 ----